Mageia Bugzilla – Bug 8907
samba new security issues CVE-2013-0213 and CVE-2013-0214
Last modified: 2013-02-06 23:22:30 CET
Samba 3.6.12 has been released upstream, fixing two security issues with SWAT.
Updated package uploaded for Cauldron.
Patched package uploaded for Mageia 2.
Updated samba packages fix security vulnerabilities:
Samba versions before 3.6.11 and 4.0.2 are vulnerable to clickjacking in the
Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
a malicious web page via a frame or iframe and then overlaid by other content,
an attacker could trick an administrator to potentially change Samba settings
Samba versions before 3.6.11 and 4.0.2 are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By guessing a
user's password and then tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is possible to
manipulate SWAT (CVE-2013-0214).
Updated packages in core/updates_testing:
No real PoC's, it should be sufficient to ensure samba can be configured using samba-swat and works ok.
Testing complete mga2 32 & 64
Still finds the smb server in MCC (diskdrake?) but doesn't show the shares, making it a bit useless.
Mounting with the command below..
# mount -t cifs //host/share /mount/point -o username=<user>,password=<passwd>
To test swat it is necessary to enable it in /etc/xinetd.d/swat by changing disable to no, then restart xinetd service. Then use your browser to log in as your root user at http://localhost:901
Confirmed I was able to log in to swat, alter settings and view the server status on 32 & 64 bit and that i could mount a 64bit share on 32 bit and 32 bit share on 64 bit using mount -t cifs
Advisory & srpm in comment 0
Could sysadmin please push from core/updates_testing to core/updates
Debian has issued an advisory for this on February 2:
Patch checked into Mageia 1 SVN.